If you’re already using Zammad, you’ll know that users can be admins, agents, or customers. These are Zammad’s built-in roles, and they’re the tip of the iceberg of its powerful, flexible, and fine-grained permission system.
👀 Users can have both “agent” and “customer” roles at the same time!
Why would you want this? Agents get overviews of all the tickets they’re assigned to (among other things), while customers get an overview of all the tickets they’ve opened. But some teams use Zammad for both internal and public communication, so their agents need both.
Having both roles also changes what you see in the ticket view, depending on whether you’re the “customer” or not.
💡 LDAP/Active Directory users:
Syncing your LDAP “groups” to Zammad roles can make access management way easier. To learn more, see LDAP / Active Directory.
What Is a Role?¶
tl;dr Some users can do things others can’t (like close a ticket). Users have roles, roles have permissions, and permissions are what make those actions possible.
So what exactly are permissions, then?
Simply put, permissions are names for all the different things users might want to do throughout the system, such as:
respond to live chat messages
access the Manage > Users admin panel
create/edit knowledge base articles
Zammad has dozens of these permissions, which is a lot to keep track of. So instead of saying “This user has permissions A, B, and C”, Zammad says “The agent role has permissions A, B, and C, and this user is an agent.”
This makes creating user accounts for new agents a whole lot simpler, and it also makes it easier to invent a new permission D and say “All existing agents can do that now, too.”
In short, roles are just collections of permissions that you can give to a user. The built-in admin, agent, and customer roles are enough for many teams, but Zammad gives you the freedom to custom-build your own.
And to do that, you’ll need to know what each permission does.
Reference Guide: Permissions¶
Broadly speaking, there are four types of permissions:
- 🛡️ Admin
for access to each page of the Admin Panel
- 🕵️ Agent
for access to customer communications
- 👤 Customer
ticket.customerpermission, customers can’t see the My Ticket overview—but they can still log in and open new tickets!
- 🎛️ User Preferences
for access to your own user profile
📁 Permissions are namespaced, which is sort of like having files inside of folders.
…and 30+ more
all belong to the
You can select them individually,
or you can just select
admin to enable the whole bunch.
- Default at signup
Every new user must be assigned at least one role upon creation. This attribute decides which role to give new users by default (which usually happens when creating a new ticket for a new customer).
🙅 Default roles should never provide admin/agent permissions.